False claims are a constant problem for health insurance providers, whether private or government. That a fraudulent health care claim happens is no surprise. But the process by which it happens will provide you with some insights by which you can protect yourself and advance the cause of everyone else.
I suppose there is a first time for everything. In this case, I became a target of Medicare fraud. I say “target” rather than “victim” because, at this point, the only people who are paying for this fraud are the tax-paying citizens. An indirect target was the private health insurance company that provides coverage for retired federal employees. In that case, the real “victims” are all the contributors to Blue Cross coverage who indirectly subsidize fraudulent claims when they are not caught, or the staff that so diligently screens the claims.
Fortunate for me, the false claim was caught by Blue Cross, but Medicare processed the claim.
How did this happen? How did I trace back the claim? And what has been done about it?
How did it Happen?
False claims are a constant problem for health insurance providers, whether private or government. That it happens is no surprise. But the process by which it happens will provide you with some insights by which you can protect yourself and advance the cause of everyone else. I have been quite fortunate in life to be able to afford a comprehensive health plan, but I lived through worse times and know full well that most Americans will pay a deductible for medical care. So a false claim can literally come out of their pockets.
In my case, it was a claim mailed to me by Blue Cross. Since I conduct my business with Blue Cross online, a mailed claim statement was a bit of an anomaly. That got my attention. I read over the claim and immediately suspected something was up. The claim said it pertained to the period of July 13th through August 14th. Poor suckers. If only the crooks knew I was driving over the western half of the continental US at that time.
But how it happens is as simple as that. The only real defense you have is to simply notice it. So there is lesson #1 – pay attention to any claim notifications.
How Did I Trace Back the Claim?
The first step is to check what your insurance provider has on record. I accessed my Blue Cross account and reviewed the claim. The above stated claim did not appear. So I included Denied claims and, voila, it showed up. Blue Cross apparently had data on G&I Ortho Supply that flagged the claim as fraudulent.
The next step is to review the Medicare claim. It was here that I saw that the claim was processed. While it cost me nothing out-of-pocket, it had cost all of us a lion share of the $3,980 claim.
The next step is to see if your experience is unique or has been reported elsewhere. So I searched for “Ortho Supply fraud” and variations of “GI Ortho”. It was here I discovered three things. First, there were a lot of matches. Second, a valuable resource appeared called NPI. Finally, there was some rich material on the Better Business Bureau site.
NPI stands for National Provider Identifier, a number that is used to identify health care providers. This data is always associated with an insurance claim. The NPI number is not always apparent on insurance claim forms, but associated data may appear. It was here that the provider’s address and contact information appeared. And … a comment appeared describing the very same fraudulent case that appeared in my case.
From here it really gets interesting. It is a rabbit hole that we will not delve into. But a glance on Google Maps with the attending streetview of 393 Avenue X produces a dry cleaning business in Brooklyn, New York. I presume “Suite 2” must be upstairs? Then there is the name “Elchin Rafailov”, which produces search results associated with the name, including “g&i ortho supply inc fraud”. He produced evidence that he sold the company in March 2023. The fraudulent claim in question was made in July 2023.
The next stop was the Better Business Bureau. It was here that I once again found identical claims being reported. For example:
G&I Ortho Supply also charged my Medicare account for urinary catheters. Both April 13 and May 15, 2023 for $1,990 each, totaling $3,980. The alleged Dr request was different, Dr Alireza Shams. Medicare also transmitted the claim to my Supplement insurance provider. I tried calling multiple times and the recording said they were closed and to leave a message during their business hours. The inbox was full and would not accept messages.
Note that the stated complaint showed false claims in April and May 2023, after the sale of the company.
What Can Be Done About It?
In my case, nothing affected my pocketbook. But regardless, report the fraud. If you are left with a bill on uncovered claims, challenge the claim and suspend payment. Be especially diligent regarding your credit cards. It is apparent the criminals have your Medicare card number and private insurance card number, and most likely have your social security number. My guess your credit card number may be in the mix. The fact that this PII (Personally Identifiable Information) is in the wild is beyond your control. But the claim is under your control. Report it.
Blue Cross is rather straightforward in reporting a fraudulent claim (their customer service is vastly more efficient than Medicare). So with Medicare, the quickest way to report a fraud is through their website. Unfortunately, where to go to report fraud is a bit obscure. Along the top of the page is a menu titled “Basic”, under which is an item “Reporting fraud & abuse”. From there you will go through a rather involved process of completing the report and uploading any associated evidence.
Is there anything you can do about the misuse of your PII? I long ago was resigned to the fact that my private information would be obtained through some illegal means. So what I have done is to simply be vigilant about suspicious activity. Monitor your bank accounts and credit cards diligently. Watch your credit score. In regards to false claims, gather all the information you can and engage the insurance providers. If you have monetary losses, you have grounds for a civil suit. An attorney will need to be engaged. More than likely you will be lumped into a class action suit since dozens, if not thousands, of other victims are involved. Since fraud is a crime, it will most likely be pursued as a criminal, not a civil, case. Getting your money back will be secondary and most likely a long time in coming.
What is important is that you protect yourself.
Is there a chance they will attempt to collect the unpaid balance? I think it is doubtful. This act of fraud was conducted under the radar. Sending a solicitation letter directly to the patient would most likely bring too much attention. One thing I noticed is that Blue Cross sends me a notification as the claim is being processed. Medicare sends out statements once every three months. Even though I have my profile tagged to send me claims over e-mail, I never have received one. If the perpetrators know this about Medicare, they know that their activity may go unchallenged for as much as three months.
What will hurt is that part of the charge is applied to your annual deductible. Thus – report the fraud as soon as possible.
Unresolved Questions
As a security specialist investigating past incidents, I always came out of the experience with more questions than answers. In this particular case, it would be quite interesting to learn how G&I Ortho Supply obtained PII, the techniques they used in filing the claims, and the scope of their operation. One of the advantages of a civil or criminal case being tried is that these sort of particulars must be disclosed. My guess is that G&I Ortho Supply purchased the Medicare and Blue Cross numbers on the dark web or the company is operating as a front for a larger criminal operation. But from my end, it makes me wonder which of the health care providers I have used in the past three years leaked my private data.
If I was to pursue this case further I would construct a matrix of all the likely health care providers that I have utilized, correlating this list with any reports of data breaches at any of these providers. This would entail a scan of evidence obtained over the Internet and the simple process of asking your providers if they have had a data breach. Beyond this point, however, you may need to rely on law enforcement. The data breach may simply be an old fashion cut and paste operation where a clerk puts your PII in their pocket and sells it. I have also noticed that businesses and government agencies tend to humor individuals asking too many questions. A formal crime investigation would compel them to be more forthright.
This matrix can get quite complex. Health care providers rarely keep PII on their local systems. Most patient information is kept by third-party services over the Internet. So if your primary care provider is ABC Valley Medical, you may not find anything regarding a data breach. But when you discover they utilize an application from XYZ Patient Care Services, you may discover they had a data breach.
My final question regards the US government. I filed a report, but there is no status data. A positive addition to the process would be to provide via e-mail a confirmation to the citizen reporting fraud. As of now, I have no idea whether the report went through and where it stands in the review process. This may be especially significant if a fraudulent health care claim uses up a person’s deductible or generates a fraudulent charge. And, as noted above, if Medicare could provide an immediate notification as a claim is being processed, it could substantially improve the odds of a claim being challenged before being payed.
© Copyright 2023 to Eric Niewoehner